Just Finished Running Your STEPS!!!

Discussion in 'Malware Help (A Specialist Will Reply)' started by superstar, Jul 26, 2006.

  1. superstar

    superstar Major-Superstar

    Hello friends,

    I was recently using my pc going on the net, and then I turned it off. I turned it back on a bit later and tried to go on the net... But it wouldn't let me go on. So I called my internet provider. They told me my signal was perfect. I ran a scan with my AVG, and it found 5 viruses. It was unable to heal, delete, or move them to the vault. So I chose them from the list of infected files in the AVG finished chart, and moved two to the vault. As soon as I did that the other 3 viruses in the list were gone. So all I ended up with was 2 in the vault. They were zip files so the other 3 viruses were probably in both of them. AVG listed these two zips as "Trojan Horse/Java/Classloader" & "Virus Identified Java/ByteVerify".

    I was then able to get on the internet, so I decided to do an online virus scan on Trend Micro's site. I ran their "House Call" online scanner and it found 3 different viruses. It deleted 2 of them but was unable to delete or do anything at all with the last one called "TSPY_AGENT.TQ". So I chose "take no further action" on the scanner, and it told me to run a scan again. This time the scan finished and did not list the "TSPY_AGENT.TQ" infection. I did some research on this infection through Google, and found that most people who scanned their PCs found it, were unable to do anything to remove it, repeated the scan again, and it didn't show up the second time their scan finished. So I am as wary as they are, feeling as though this is somehow still on my system. After running your suggested process I found other stuff so here is where I begin...

    I am a clean pc freak so I came to your site for help and read the "Read Me" you guys suggested to do before posting anything. But before you look at my attached logs I have a few things I must disclose that had happened during the entire process your site recommended before posting:

    1. For some reason when I chose to use safe boot, my system showed me two profiles to choose from. One said "Administrator", and the other one was the one I normally use. I've never seen the "Administrator" on normal boots since I first installed XP. I always assumed when I log in on normal boots (ie: not safe mode), I am the administrator. Because I only see one profile when I boot normally. & that is the one Windows told me to make/name when I first installed XP. It wouldn't let me finish installing XP if I didn't do so. Anyways during safe mode I didn't use my regular "NAME" profile. Instead I chose the "Administrator" profile. I'm still wondering why it doesn't show me two profiles on normal boots!!!

    2. During the safe mode process your site recommended I noticed the program "CCleaner" deleted some AVG files with txt, bin, and log extensions to name a few. I hope this isn't bad and doesn't ruin my AVG!!!

    3. During the safe mode process your site recommended I chose "Spybot Search & Destroy" from the start/programs menu. It ran as if I were running it for the first time (it started up as if it were freshly installed). It asked me to back up the registry, search for updates, & immunize. I only chose to back up the registry and immunize since I could not update since I disconnected the internet as suggested by your site's recommendations. Maybe this happened because I chose to use the "Administrator" profile. I did the scan with it but after it was done I went in "C/Documents & Settings" and chose the name folder that I use when I normally boot, and went to its desktop icons. I scanned with that icon because I know that I had this one updated on my normal boot log in before I went into safe mode. This one ran without asking me to back up the registry, update, or immunize. As I mentioned I updated, and immunized before I went into safe mode. Hmmm... I wonder what the issue was there???

    4. Bit Defender: This online scanner actually found some infections it couldn't clean, delete, or do anything with. I'm stating this because I have a couple of zipped programs I never installed, and an internet arcade game I have never installed. I am suspicious that they are the files. Not to mention Bit Defender stated that they were. lol. I never knew they had bad stuff in them. No scanner I have ever run had found this. Anyways I did not take any manual action as I wanted to comment on what Bit Defender found first. I do know what and where these files are though. I kinda need one of the zip files (containing programs) it found to have some sort of infection. The others could possibly go. I assume you would help me on this. My logs will be below anyways.

    5. Panda found something. Its log is below as well.

    6. I'm just letting you know I have the program "System Mechanic 4" on my pc. & before I made my "Hijack This" log, I ran the system mechanic wizard (which does a defragment, cleans the registry, junk files, internet clutter, & pc parasites).

    7. Another thing I am letting you know about is the fact that before I made my "Hijack This" log my msconfig was on "Selective Startup". Your "Read me before you post" said to use "Normal Startup". Do I have to change this back? Or was it on "Normal Startup" since I first installed XP, or since before I did your whole recommended fix? I'm stating this because I still run a P3 and I know msconfig does stuff when messing with startups like making your pc slower or something, and I want my settings to be set the way it was before any of your site's recommended "Do it yourself before you post" guide. That's one thing your guide does not say: how to set things the way it was before.

    8. During your recommended "Do it yourself before you post" guide it said to go into the "Tools/Folders Options" and unhide certain files. Now that I am done with your guide should I go back and rehide all of it back to the way it was?

    9. By the way how do I successfully uninstall "Hijack This"? I may still need it depending on your response, but I would like to know how to get rid of it for afterwards.

    10. Just letting you know I haven't done the "SYSTEM RESTORE" disabling and restarting yet. I must be a fool but before I came on your site I tried to create a restore point and use a previous date to see if that would fix everything. Little did I know until after I read your guide that System Restore can back up infections. Oops! Let me know if I should do this now.


    Anyways my three logs are attached (bit def, panda, hijack), and hopefully you get back to me with positive answers. I hope you are aware that I spent over 13 hours reading and scanning and stuff before coming to post. So I hope that I am well deserving of answers. To whomever helps me.


    THANK YOU. YOUR GOOD DEEDS WILL BE RETURNED SOMEDAY.
     
    Last edited: Oct 13, 2006
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Yes, your HijackThis log has to be from Normal Mode on Normal Startup. Do not use MSCONFIG to disable anything.
     
  3. superstar

    superstar Major-Superstar

    Okay well I'm just letting you know that my hijack this log was from normal startup mode. Thank You. Someone please reply to my first post and help. Still haven't had any clear answers. I followed everything correctly. I'm dying for help please.
     
  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    superstar,

    Let's get a little deeper to make sure nothing is hiding. Please see this thread on Running WinPfind by Old Timer.

    Once you complete this attach the log to your next post and we will go from there.
     
  5. superstar

    superstar Major-Superstar

    Thank you for your response, I've been waiting for one for some time. Attached is my "WinPFind" log. I hope you can help me further as I have not been on my pc since this happened. I only turn on my pc to check for responses, because I have a lot of important data here I don't want to lose by normal activity which may cause these infections to rise or get worse.

    By the way I have not reversed any of the things I did to my pc as recommended to do so before posting (ie: check my first post to see what I mean). Well thank you. I will turn my pc off and keep checking for your response.
     
    Last edited: Oct 13, 2006
  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Before we start the fix I would like to advise you that I do not see an active firewall on your computer. I would recommend installing one ASAP for many reasons. There are a few free firewalls listed in the thread below.

    How to Protect yourself from malware!

    Now, scan with HijackThis and check the boxes for the following entries:
    ( Make sure ALL browser windows are closed when you click FIX )

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

    O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Netscape Accelerator\components\NOWImaging.dll (file missing)

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

    Again, make sure ALL browser windows are closed when you click FIX.

    Copy the contents of the below Quote Box to Notepad. Then click File and then Save As. Change the Save as Type to All Files. Name the file fix.reg and then click save. (make sure you save it somewhere you can find it. Saving it to your Desktop may make that easy.) Then double-click on the fix.reg file on your desktop (or locate it with Windows Explorer and double click on it if not saved to the Desktop) and when it prompts to Add in to the registry, say yes.
    Next, run CCleaner to clean up cookies and temp files.


    Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.

    Note: Remember to get all updates before doing the scans.


    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    • Temporary Files
    • Temporary Internet Files
    • Recycle Bin
    And Click OK.


    After you complete the above, REBOOT and proceed with the rest of this fix...

    Finally, I would like you to flush your System Restore points. Please follow the instructions in the below:


    • Disable and Re-enable System Restore

    • Turn OFF System Restore to flush any bad Restore Points.

    • Then, follow the instructions at the bottom of the linked page to Re-enable the Restore Utility which will create a fresh restore point.
    After you complete the above reboot once more and then scan with HijackThis and attach the new log.

    Let me know of any problems you may have encountered with the above instructions and also let me know how things are running now.
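
Added example, not part of the original post and not HijackThis's own code: a small Python triage of the four entries listed in the post above, separating orphaned leftovers (a "(file missing)" target or an empty R0 value) from live entries that need a human decision. The function names and the wording of the notes are assumptions made for this illustration.

```python
import re

# Conventional meaning of the HijackThis section codes used in the post.
SECTIONS = {
    "R0": "Internet Explorer start/search page value",
    "O2": "Browser Helper Object (BHO)",
    "O4": "Autostart entry (Run key or Startup folder)",
    "O9": "Extra Internet Explorer button or Tools menu item",
}

# The four entries quoted in the post, embedded so the example runs offline.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Netscape Accelerator\components\NOWImaging.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_line(line):
    """Parse one 'CODE - body' log line; return None for anything else."""
    match = LINE_RE.match(line.strip())
    if not match:
        return None
    code, body = match.group("code"), match.group("body").rstrip()
    notes = []
    if body.endswith("(file missing)"):
        # The registry entry survives but the file it points to does not.
        notes.append("orphaned: target file missing")
    if code in ("R0", "R1") and body.endswith("="):
        # A registry value that is present but set to nothing.
        notes.append("empty value")
    clsid = CLSID_RE.search(body)
    return {
        "code": code,
        "section": SECTIONS.get(code, "unknown section"),
        "clsid": clsid.group(0) if clsid else None,
        "notes": notes,
    }


def triage(log_text):
    """Return parsed entries for every recognisable line in log_text."""
    parsed = (parse_line(line) for line in log_text.splitlines())
    return [entry for entry in parsed if entry]


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        status = ", ".join(entry["notes"]) or "live entry: needs review"
        print(entry["code"], "|", entry["section"], "|", status)
```

Three of the four entries come out as dead references or empty values; only the O4 autostart line points at a file that still exists, so removing it is a judgement call rather than cleanup.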
     
  7. superstar

    superstar Major-Superstar

    Sorry but the only part I am iffy about is running CCleaner to clear my cookies and temp files. I remember I tried to use CCleaner before as you guys had said it was optional in your "READ BEFORE POSTING" guide. Anyways when I ran the demo mode of CCleaner it cleared a heap of files. Some which belonged to Nero. I don't want to ruin any programs. How can I be sure to have the right settings before running CCleaner? What are the exact settings I should use for that before I run it? The rest is easy. Thx. Once you let me know I will begin and proceed to do the rest then post my log.

    Thank You.
     
  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    The default settings are what you need to run, just click "Run Cleaner" and it will do the job. CCleaner only removes junk files, basically which are unnecessary.
     
  9. superstar

    superstar Major-Superstar

    I've finished doing all of the instructions you suggested. Attached is my log. Please let me know if I'm in the clear now or if there is more to do. Remember I changed settings to my pc by doing this site's recommended "Read before you post" instructions. So if it's time for me to change everything back to normal let me know. Then I will uninstall CCleaner and all the unnecessary programs I installed.


    Thank You
     
    Last edited: Oct 13, 2006
  10. superstar

    superstar Major-Superstar

    Sorry. I left you a post above this one, but I forgot to mention something... So make sure you read the post above this one as it contains that log you asked me for.

    What I wanted to say is that you said I didn't see an active firewall on my system. Well I use the Windows XP firewall and it is enabled. I read the link to that page you suggested. But why would you want me to use one of those instead?

    I have seen them in action before, and those kinds of things block a lot of stuff. Like Zone Alarm, I used that one on an old pc I had and that one kept popping up on like every page I'd go to telling me stuff. I hate the constant bother of it. If there is one that is quiet and doesn't say ummm.... block my downloads or when I click on a link that opens on a new window... Then yah I would try it. I would have to install it on my old pc first to see how it works, because I hate the constant nagging of those programs. I have never really used any. When I told you I had Zone Alarm on my old pc, it was just for like a day or two, then I uninstalled it because it was bothersome. So no I am not familiar with them, neither am I aware of whichever one is best... I have no idea...
     
  11. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    The "Windows Firewall" is not good enough to be considered a firewall. It doesn't block near the items ZoneAlarm does nor protect you as well. ZoneAlarm pops up on anything requesting internet access, if you know the program or file granting permission you can grant access and check remember so it does not ask again. I personally recommend ZoneAlarm over any firewall because it does the job like it's supposed to.
     
  12. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your HJT log is clean, are you having any current problems?
     
  13. superstar

    superstar Major-Superstar

    Fine I guess I will install Zone Alarm. As far as having any problems on my pc. No I haven't experienced anything other than the fact that I know there are things still lurking on my pc. You said my hi jack this log is clean. I took the liberty of scanning my pc with "Kaspersky's" online scan. I saved the log and it is attached below. You'll be very interested in what you find... Because it found 6 viruses!!!!!!!!!!!

    Some are in my housecall quarantine... Shouldn't these be deleted? Some are files that previous scans on other programs found to be infected. Like a few programs I downloaded but have not installed. Should I delete them? I mean take a look at the log and tell me what to do. I have also attached a new hi jack this log.

    I do not want to use my pc until it is clean so I am losing work time as I have things to do on here. Please help me. Thank you for your advice and support. There are things I want to do like shop on ebay and stuff like that. I cannot do that until I know all these things are gone, as I know they can track you and spy on your information and passwords and stuff.

    Thank You
     
    Last edited: Oct 13, 2006
  14. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your HJT log looks good, the Kaspersky log, most of that has already been removed. As far as the cookies and junk goes, every time you open an internet page you will have this so that's not a threat unless you don't clean up using CCleaner.
     
  15. superstar

    superstar Major-Superstar

    So I'm in the clear? Can I begin to use my pc? If so I will install Zone Alarm now, and I will also install Mozilla Firefox browser. I used it at work and I like that browser. So I'm just waiting on your word and my home pc use begins again.

    You mentioned that I have to make sure I clean with CCleaner regularly. I have System Mechanic 4, and it has a wizard which does the following:

    - removes junk and obsolete files

    - removes invalid items from the system registry

    - compacts the registry on the next restart

    - removes internet cache, history, cookies and other debris

    - removes spyware and other pc parasites

    - defragments all hard drives


    Okay well I use System Mechanic's wizard which does all that in one shot. I use it regularly. Is there something CCleaner does better? Otherwise I am uninstalling CCleaner and sticking to my System Mechanic. I also want to uninstall all other programs that you told me to install to diagnose this problem. Tell me which ones I should keep. I know I should be keeping Windows Defender right?

    Anyways tell me if I should reset all the settings the way they were on my pc before I started this whole thing on this site (ie: windows folder settings, etc).



    Thank You for your support I appreciate it.
     
  16. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Yes, I would say you're OK to use your machine. As far as System Mechanic, I don't have much experience with it so I'm not sure if it does a good job or not, I have used CCleaner for a long time with no problems.

    Windows Defender is a good program to have however I use Spy Sweeper and it does a great job. It's up to you whether you keep it or not but you will be fine if you do.

    You should see this article on How to Protect yourself from malware!

    Surf Safely!:)
     
  17. superstar

    superstar Major-Superstar

    Okay thank you for your time. I am now going to use my machine. I am also going to set my XP settings the way they were before.

    Is msconfig supposed to be on "normal startup"? Is that the way XP is shipped?
    Because I want to keep it the way it was.

    Thx
     
  18. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Yes, it should be set to "normal startup", however I don't recommend using MSConfig for anything, it's really for advanced users and could mess up things if used incorrectly.
     
